Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 52854 invoked from network); 12 Jun 2008 17:12:57 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 12 Jun 2008 17:12:57 -0000 Received: (qmail 47288 invoked by uid 500); 12 Jun 2008 17:12:47 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 47261 invoked by uid 500); 12 Jun 2008 17:12:47 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 47250 invoked by uid 99); 12 Jun 2008 17:12:47 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Jun 2008 10:12:47 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of simon.papillon@gmail.com designates 209.85.200.171 as permitted sender) Received: from [209.85.200.171] (HELO wf-out-1314.google.com) (209.85.200.171) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Jun 2008 17:11:55 +0000 Received: by wf-out-1314.google.com with SMTP id 25so3860420wfc.12 for ; Thu, 12 Jun 2008 10:11:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=p7SsS1AqLxuGk8ngkzYB3Xj+byKxhEP0Fm0NOTXsCyw=; b=Uiqe8kKSOqD/bte18RHb01O+DyOaqVwsI/zmokCXpYLgPawhjCBci6L9c74vRBTPh7 4MHK62G2Ob8JJuZ5Cp6uGDmkZT5eQFn0R2FL06+UbagAT1KT4Gkenj2PYAdEm7RTK1Tt txxXosw07Oi9Egxuix6S99scmmNxKPtLTyAnk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=BZs7qOMiiBuxgZfK2uuh/FVl2fTx2ScFaMDeN0SffzeKCeXAT22PJZSuJlk8E3vodo PogJOjCM+5gcdIuRTYoJnlLAOi2EA+F3Edk2aZ9edN5HMapf5+8UZZkC96sqypTQlHn5 udRUsiKyTFDpHsLdXuZYgNl35wnqCugBlhrZs= Received: by 10.142.135.16 with SMTP id i16mr626502wfd.165.1213290715210; Thu, 12 Jun 2008 10:11:55 -0700 (PDT) Received: by 10.143.44.18 with HTTP; Thu, 12 Jun 2008 10:11:55 -0700 (PDT) Message-ID: Date: Thu, 12 Jun 2008 14:11:55 -0300 From: "Simon Papillon" To: users@tomcat.apache.org Subject: jk load balancing based upon ip address rather than session id In-Reply-To: <815985ee0806121007q2be48ef0odec544441b5e0dd2@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <815985ee0806120955yb33a34fs76392d55c5562a30@mail.gmail.com> <815985ee0806121007q2be48ef0odec544441b5e0dd2@mail.gmail.com> X-Virus-Checked: Checked by ClamAV on apache.org Hello, I'm using jk 1.2.25 with tomcat 5.5.25 and apache 2.0 on one debian box - 2.4.27-2-386 i686 GNU/Linux I've set up 3 tomcat instances that receive requests from the jk load balancer worker I've implemented in the web application, a simple cross domain single sign on (SSO) mechanism. This mechanism ties the different session ids in any single container together, regardless if they've originated from different domains, for example: sub1.mydomain.com sub2.yourdomain.com sub3.hisdomain.co.uk Hence when a user "logs on" this is then reflected in all the different sessions that they might be in a particular container for that user, from the serviced domains that they've visited. This is fine when there is just one container. But when there are several all servicing requests in a load balanced context, it doesn't work, because the session ids from different domains may be directed to different tomcat instances / containers, which then breaks the assumption that the SSO mechanism relies upon (that all sessions being held in a single container). The tomcat instances aren't in a distributed cluster and I'd like to keep it that way. My initial idea is to balance the traffic based upon the ip address rather than the session id, thus I can be assured that all requests from a particular ip address will hit the same container, and hence the single sign on mechanism will work. I realise that this would give me a much less granular balancing profile. I'd much prefer to do this through the jk load balancer although as an alternative I could do it through the balancer web app that comes with tomcat and implement a Rule in java myself. I'm open to other ideas that get the job done. I've read the following: http://tomcat.apache.org/connectors-doc/generic_howto/loadbalancers.html http://tomcat.apache.org/connectors-doc/reference/workers.html http://tomcat.apache.org/tomcat-5.5-doc/balancer-howto.html http://venus.rainbow-it.net/manual/en/mod/mod_proxy.html I've searched the forums as well, I had a cheeky look at the source too for shits and giggles, but still no joy. native/common/jk_lb_worker.c seems like the "get_most_suitable_worker" function is very much driven from the session id - I'm no a C programmer :-( My question is has anyone already done this? Is there a better way of doing it that I'm missing, or should I basically just do it through the balancer web in tomcat app and forego the jk load balancer, or bite the bullet and make the tomcat containers a cluster. Any suggestions / help would be very much appreciated Cheers Simon --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org